.. -*-restructuredtext-*-
.. image:: https://github.com/ubernostrum/pwned-passwords-django/workflows/CI/badge.svg
:alt: CI status image
:target: https://github.com/ubernostrum/pwned-passwords-django/actions?query=workflow%3ACI
``pwned-passwords-django`` provides helpers for working with the
`Pwned Passwords database from Have I Been Pwned
<https://haveibeenpwned.com/Passwords>`_ in `Django
<https://www.djangoproject.com/>`_ powered sites. Pwned Passwords is
an extremely large database of passwords known to have been
compromised through data breaches, and is useful as a tool for
rejecting common or weak passwords.
There are three main components to this application:
* `A password validator
<https://pwned-passwords-django.readthedocs.io/en/latest/validator.html>`_
which integrates with `Django's password-validation tools
<https://docs.djangoproject.com/en/5.0/topics/auth/passwords/#module-django.contrib.auth.password_validation>`_
and checks the Pwned Passwords database.
* `A Django middleware
<https://pwned-passwords-django.readthedocs.io/en/latest/middleware.html>`_
(supporting both sync and async requests) which automatically checks
certain request payloads against the Pwned Passwords database.
* `An API client
<https://pwned-passwords-django.readthedocs.io/en/latest/api.html>`_
providing direct access (both sync and async) to the Pwned Passwords
database.
All three use a secure, anonymized API which `never transmits any
password or its full hash to any third party
<https://pwned-passwords-django.readthedocs.io/en/latest/faq.html#api-safety>`_.
Usage
-----
The recommended configuration is to enable both the validator and the
automatic password-checking middleware. To do this, make the following
changes to your Django settings.
First, add the validator to your AUTH_PASSWORD_VALIDATORS list:
.. code-block:: python
AUTH_PASSWORD_VALIDATORS = [
# ... other password validators ...
{
"NAME": "pwned_passwords_django.validators.PwnedPasswordsValidator",
},
]
Then, add the middleware to your MIDDLEWARE list:
.. code-block:: python
MIDDLEWARE = [
# .. other middlewares ...
"pwned_passwords_django.middleware.pwned_passwords_middleware",
]
For more details, consult `the full documentation
<https://pwned-passwords-django.readthedocs.io/>`_.
Raw data
{
"_id": null,
"home_page": null,
"name": "pwned-passwords-django",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": null,
"keywords": "django, security, passwords, auth, authentication",
"author": "James Bennett",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/34/c1/3d279acccfc1f9a76493a28bdd08b42fef2d8f0164a6bf9f3df8b1a984eb/pwned_passwords_django-5.1.1.tar.gz",
"platform": null,
"description": ".. -*-restructuredtext-*-\n\n.. image:: https://github.com/ubernostrum/pwned-passwords-django/workflows/CI/badge.svg\n :alt: CI status image\n :target: https://github.com/ubernostrum/pwned-passwords-django/actions?query=workflow%3ACI\n\n``pwned-passwords-django`` provides helpers for working with the\n`Pwned Passwords database from Have I Been Pwned\n<https://haveibeenpwned.com/Passwords>`_ in `Django\n<https://www.djangoproject.com/>`_ powered sites. Pwned Passwords is\nan extremely large database of passwords known to have been\ncompromised through data breaches, and is useful as a tool for\nrejecting common or weak passwords.\n\nThere are three main components to this application:\n\n* `A password validator\n <https://pwned-passwords-django.readthedocs.io/en/latest/validator.html>`_\n which integrates with `Django's password-validation tools\n <https://docs.djangoproject.com/en/5.0/topics/auth/passwords/#module-django.contrib.auth.password_validation>`_\n and checks the Pwned Passwords database.\n\n* `A Django middleware\n <https://pwned-passwords-django.readthedocs.io/en/latest/middleware.html>`_\n (supporting both sync and async requests) which automatically checks\n certain request payloads against the Pwned Passwords database.\n\n* `An API client\n <https://pwned-passwords-django.readthedocs.io/en/latest/api.html>`_\n providing direct access (both sync and async) to the Pwned Passwords\n database.\n\nAll three use a secure, anonymized API which `never transmits any\npassword or its full hash to any third party\n<https://pwned-passwords-django.readthedocs.io/en/latest/faq.html#api-safety>`_.\n\n\nUsage\n-----\n\nThe recommended configuration is to enable both the validator and the\nautomatic password-checking middleware. To do this, make the following\nchanges to your Django settings.\n\nFirst, add the validator to your AUTH_PASSWORD_VALIDATORS list:\n\n.. code-block:: python\n\n AUTH_PASSWORD_VALIDATORS = [\n # ... other password validators ...\n {\n \"NAME\": \"pwned_passwords_django.validators.PwnedPasswordsValidator\",\n },\n ]\n\nThen, add the middleware to your MIDDLEWARE list:\n\n.. code-block:: python\n\n MIDDLEWARE = [\n # .. other middlewares ...\n \"pwned_passwords_django.middleware.pwned_passwords_middleware\",\n ]\n\nFor more details, consult `the full documentation\n<https://pwned-passwords-django.readthedocs.io/>`_.\n",
"bugtrack_url": null,
"license": "BSD-3-Clause",
"summary": "A Pwned Passwords implementation for Django sites.",
"version": "5.1.1",
"project_urls": {
"Documentation": "https://pwned-passwords-django.readthedocs.io/",
"Source Code": "https://github.com/ubernostrum/pwned-passwords-django"
},
"split_keywords": [
"django",
" security",
" passwords",
" auth",
" authentication"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "a7c6cfca6eab8acb1c3f570c8bafbe4041a3c62ec844a69dbb200dd6b53a20d0",
"md5": "1e4e6ada685c31cd428166115ffac0db",
"sha256": "5fea82fad910ce137a50615968a1670064799bca8cc4ad7c754564a5733348a4"
},
"downloads": -1,
"filename": "pwned_passwords_django-5.1.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "1e4e6ada685c31cd428166115ffac0db",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 12123,
"upload_time": "2024-11-08T07:47:18",
"upload_time_iso_8601": "2024-11-08T07:47:18.842936Z",
"url": "https://files.pythonhosted.org/packages/a7/c6/cfca6eab8acb1c3f570c8bafbe4041a3c62ec844a69dbb200dd6b53a20d0/pwned_passwords_django-5.1.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "34c13d279acccfc1f9a76493a28bdd08b42fef2d8f0164a6bf9f3df8b1a984eb",
"md5": "b4cc3957aed4cdcd6fbfaecfdb9d7114",
"sha256": "90d7f5933dde15ad262bebd3ab9472cfd06d19fc0a6795466534e58f554d0f81"
},
"downloads": -1,
"filename": "pwned_passwords_django-5.1.1.tar.gz",
"has_sig": false,
"md5_digest": "b4cc3957aed4cdcd6fbfaecfdb9d7114",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 42765,
"upload_time": "2024-11-08T07:47:20",
"upload_time_iso_8601": "2024-11-08T07:47:20.497386Z",
"url": "https://files.pythonhosted.org/packages/34/c1/3d279acccfc1f9a76493a28bdd08b42fef2d8f0164a6bf9f3df8b1a984eb/pwned_passwords_django-5.1.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-11-08 07:47:20",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ubernostrum",
"github_project": "pwned-passwords-django",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "pwned-passwords-django"
}
JSON
